OpenID Offers Open-Source Code Bounty

Looking to jumpstart widespread adoption of the OpenID online identity system, a dozen software vendors are backing a $50,000 bounty program to open-source developers.

The OpenID Code Bounty, which is supported by a slew of companies including VeriSign and Six Apart, offers $5,000 directly to 10 open-source projects that successfully implement OpenID 2.0 support.

Others backing the program include JanRain, Four Kitchen Studios, Cordance, OoTao, Zooomr, ClaimID, NetMesh, Sxip and Opinity.

OpenID, which was first championed by Six Aparts LiveJournal blogging software, is a simple identification mechanism that allows Web surfers to use a single log-in anywhere on the Internet.

/zimages/1/28571.gifGates pushes ID management for secure computing. Click here to read more.

It is styled as a lightweight, decentralized authentication mechanism that allows a bloggers online identity to be given by a URL thats verified by any server running the protocol.

OpenID is used primarily to authenticate users on blogs and other social networking sites and is not meant to be used on sensitive accounts like banking and e-commerce purchases.

To qualify for the bounty, an open-source program must implement OpenID 2.0 support as a relying party or identity provider and be compliant with an OpenID compliance testing tool that is scheduled for release in August 2006.

Once implemented, the organizers say it must be no more difficult than changing one configuration setting for an administrator to enable OpenID support.

The rules call for OpenID implementation to be distributed as part of the projects core distribution and for the OpenID logo to appear on the log-in form.

/zimages/1/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

To participate in the bounty, an open-source project must be distributed under an OSI-approved license and must have at least 200,000 Internet users and 5,000 monthly downloads.

Projects that already meet the requirements include WordPress, Drupal, phpBB, Plone, MediaWiki, Joomla, Slash and Mailman.

The protocol has already been implemented in LiveJournal and sites that use its code base (GreatestJournal, InsaneJournal, and DeadJournal), Movable Type and TypeKey.

VeriSign has implemented OpenID in its PIP (Personal Identity Provider), which is designed to provide a “home base” for users who want use OpenID applications.

For sensitive authentication, VeriSign has released VIP (VeriSign Identity Protection) to allow customers to use a single authentication credential across Web sites that support VIP.

Microsoft is also slated to deliver a federated ID initiative called InfoCard to serve as a trust-based, multifactor authentication system.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.